github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

ENH: adding custom date format for proftpd when logging in its own log file (default on Debian) -- includes milliseconds 

Should resolve Debian #648276
pull/439/head
Yaroslav Halchenko 2013-11-16 22:15:27 -05:00
parent ed212fcdcc
commit d4f6ca4f85
3 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
server/datedetector.py
View File

@ -101,6 +101,13 @@ class DateDetector:
template.setRegex("\d{2}/\d{2}/\d{4}:\d{2}:\d{2}:\d{2}") template.setRegex("\d{2}/\d{2}/\d{4}:\d{2}:\d{2}:\d{2}")
template.setPattern("%m/%d/%Y:%H:%M:%S") template.setPattern("%m/%d/%Y:%H:%M:%S")
self._appendTemplate(template) self._appendTemplate(template)
# proftpd 2013-11-16 21:43:03,296
# So like Exim below but with ,subsecond
template = DateStrptime()
template.setName("Year-Month-Day Hour:Minute:Second[,subsecond]")
template.setRegex("\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d+")
template.setPattern("%Y-%m-%d %H:%M:%S,%f")
self._appendTemplate(template)
# Exim 2006-12-21 06:43:20 # Exim 2006-12-21 06:43:20
template = DateStrptime() template = DateStrptime()
template.setName("Year-Month-Day Hour:Minute:Second") template.setName("Year-Month-Day Hour:Minute:Second")

1
testcases/datedetectortestcase.py
View File

@ -74,6 +74,7 @@ class DateDetectorTest(unittest.TestCase):
(False, "23/Jan/2005:21:59:59"), (False, "23/Jan/2005:21:59:59"),
(False, "01/23/2005:21:59:59"), (False, "01/23/2005:21:59:59"),
(False, "2005-01-23 21:59:59"), (False, "2005-01-23 21:59:59"),
(False, "2005-01-23 21:59:59,099"), # proftpd
(False, "23-Jan-2005 21:59:59"), (False, "23-Jan-2005 21:59:59"),
(False, "23-01-2005 21:59:59"), (False, "23-01-2005 21:59:59"),
(False, "01-23-2005 21:59:59.252"), # reported on f2b, causes Feb29 fix to break (False, "01-23-2005 21:59:59.252"), # reported on f2b, causes Feb29 fix to break

2
testcases/files/logs/proftpd
View File

@ -14,3 +14,5 @@ Jun 14 00:09:59 platypus.ace-hosting.com.au proftpd[17839] platypus.ace-hosting.
May 31 10:53:25 mail proftpd[15302]: xxxxxxxxxx (::ffff:1.2.3.4[::ffff:1.2.3.4]) - Maximum login attempts (3) exceeded May 31 10:53:25 mail proftpd[15302]: xxxxxxxxxx (::ffff:1.2.3.4[::ffff:1.2.3.4]) - Maximum login attempts (3) exceeded
# failJSON: { "time": "2004-12-05T15:44:32", "match": true , "host": "1.2.3.4" } # failJSON: { "time": "2004-12-05T15:44:32", "match": true , "host": "1.2.3.4" }
Dec 5 15:44:32 serv1 proftpd[70944]: serv1.domain.com (example.com[1.2.3.4]) - USER jtittle@domain.org: no such user found from example.com [1.2.3.4] to 1.2.3.4:21 Dec 5 15:44:32 serv1 proftpd[70944]: serv1.domain.com (example.com[1.2.3.4]) - USER jtittle@domain.org: no such user found from example.com [1.2.3.4] to 1.2.3.4:21
# failJSON: { "time": "2013-11-16T21:59:30", "match": true , "host": "1.2.3.4", "desc": "proftpd-basic 1.3.5~rc3-2.1 on Debian uses date format with milliseconds if logging under /var/log/proftpd/proftpd.log" }
2013-11-16 21:59:30,121 novo proftpd[25891] localhost (andy[1.2.3.4]): USER kjsad: no such user found from andy [1.2.3.5] to ::ffff:192.168.1.14:21